Commit Graph

78315 Commits

Author SHA1 Message Date
Robert Watson
eddc160e00 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke appropriate MAC entry points for a number of VFS-related
operations in the Linux ABI module.  In particular, handle uselib
in a manner similar to open() (more work is probably needed here),
as well as handle statfs(), and linux readdir()-like calls.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 22:23:02 +00:00
Robert Watson
85bb40473a Sample loader.conf lines for various MAC modules. 2002-08-01 22:03:19 +00:00
Jake Burkholder
4fbe520926 Forgot to commit this.
Spotted by:	scottl
2002-08-01 21:39:54 +00:00
Robert Watson
bdb3fa1832 Introduce support for Mandatory Access Control and extensible
kernel access control.

Add MAC support for the UDP protocol.  Invoke appropriate MAC entry
points to label packets that are generated by local UDP sockets,
and to authorize delivery of mbufs to local sockets both in the
multicast/broadcast case and the unicast case.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 21:37:34 +00:00
Robert Watson
8f293a63ce Introduce support for Mandatory Access Control and extensible
kernel access control.

Introduce two ioctls, SIOCGIFMAC, SIOCSIFMAC, which permit user
processes to manage the MAC labels on network interfaces.  Note
that this is part of the user process API/ABI that will be revised
prior to 5.0-RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 21:15:53 +00:00
Robert Watson
64c2d84570 Introduce support for Mandatory Access Control and extensible
kernel access control.

Add MAC support for if_ppp.  Label packets as they are removed from
the raw PPP mbuf queue.  Preserve the mbuf MAC label across various
PPP data-munging and reconstitution operations.  Perform access
control checks on mbufs to be transmitted via the interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 21:13:47 +00:00
Robert Watson
10722b852b Introduce support for Mandatory Access Control and extensible
kernel access control.

Label packets generated by the gif virtual interface.

Perform access control on packets delivered to gif virtual interfaces.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 21:00:05 +00:00
Robert Watson
18b770b2fb Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke appropriate MAC framework entry points to authorize readdir()
operations in the native ABI.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 20:44:52 +00:00
Julian Elischer
67759b33f6 Fix a comment. 2002-08-01 19:10:40 +00:00
Julian Elischer
04774f2357 Slight cleanup of some comments/whitespace.
Make idle process state more consistant.
Add an assert on thread state.
Clean up idleproc/mi_switch() interaction.
Use a local instead of referencing curthread 7 times in a row
(I've been told curthread can be expensive on some architectures)
Remove some commented out code.
Add a little commented out code (completion coming soon)

Reviewed by:	jhb@freebsd.org
2002-08-01 18:45:10 +00:00
Robert Watson
ee0812f320 Since we have the struct file data pointer cached in vp, use that
instead when invoking VOP_POLL().
2002-08-01 18:29:30 +00:00
Alan Cox
46086ddf91 o Acquire the page queues lock before calling vm_page_io_finish().
o Assert that the page queues lock is held in vm_page_io_finish().
2002-08-01 17:57:42 +00:00
Robert Watson
f9d0d52459 Include file cleanup; mac.h and malloc.h at one point had ordering
relationship requirements, and no longer do.

Reminded by:	bde
2002-08-01 17:47:56 +00:00
Robert Watson
ebbd4fa8c8 Introduce support for Mandatory Access Control and extensible
kernel access control.

Hook up various policy modules to the kernel build.

Note that a number of these modules require futher entry point commits
in the remainder of the kernel to become fully functional, but enough
of the pieces are in place to allow experimentation.

Note also that it would be desirable to not build the mac_*.ko modules
if 'options MAC' is not defined in the kernel configuration, because
the resulting modules are not useful without the kernel option.  There
doesn't appear to be precedent for a way to do this -- for example,
we allow ipfw.ko to be built even if 'options NETINET' isn't defined.
Suggests welcomed on the "best" way to do this.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 17:41:27 +00:00
Maxim Sobolev
ec7c30a0f5 Move even closer to matching behaviour of our old tar(1) wrt preserving
modes of extracted files. This effectively disables special threating
of uid 0 for mode-preserving purposes and should fix problems with
pkg_add(1) and probably other things when extracting files/dirs with
sticky mode bits set.

Pointed out by:	bde
MFC in:		2 weeks
2002-08-01 17:32:08 +00:00
Robert Watson
4b826b4cfc Change macop_t to const, use macop_t in MAC policy entry point definition
structure.  This prevents a boatload of warnings in the MAC modules,
so we can hook them up to the build.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 17:32:01 +00:00
Robert Watson
4a58340e98 Introduce support for Mandatory Access Control and extensible
kernel access control

Invoke appropriate MAC framework entry points to authorize a number
of vnode operations, including read, write, stat, poll.  This permits
MAC policies to revoke access to files following label changes,
and to limit information spread about the file to user processes.

Note: currently the file cached credential is used for some of
these authorization check.  We will need to expand some of the
MAC entry point APIs to permit multiple creds to be passed to
the access control check to allow diverse policy behavior.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 17:23:22 +00:00
Marc Fonvieille
c0727dcbfe Fix the link to the Handbook 2002-08-01 17:21:18 +00:00
Robert Watson
37bde6c0a3 Introduce support for Mandatory Access Control and extensible
kernel access control.

Restructure the vn_open_cred() access control checks to invoke
the MAC entry point for open authorization.  Note that MAC can
reject open requests where existing DAC code skips the open
authorization check due to O_CREAT.  However, the failure mode
here is the same as other failure modes following creation,
wherein an empty file may be left behind.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 17:14:28 +00:00
Dag-Erling Smørgrav
02bd9db045 Don't depend on namespace pollution from <netinet/in_pcb.h>.
Submitted by:	bde
2002-08-01 16:49:31 +00:00
Robert Watson
f4d2cfdda6 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke appropriate MAC entry points to authorize the following
operations:

        truncate on open()                      (write)
        access()                                (access)
        readlink()                              (readlink)
        chflags(), lchflags(), fchflags()       (setflag)
        chmod(), fchmod(), lchmod()             (setmode)
        chown(), fchown(), lchown()             (setowner)
        utimes(), lutimes(), futimes()          (setutimes)
        truncate(), ftrunfcate()                (write)
        revoke()                                (revoke)
        fhopen()                                (open)
        truncate on fhopen()                    (write)
        extattr_set_fd, extattr_set_file()      (setextattr)
        extattr_get_fd, extattr_get_file()      (getextattr)
        extattr_delete_fd(), extattr_delete_file() (setextattr)

These entry points permit MAC policies to enforce a variety of
protections on vnodes.  More vnode checks to come, especially in
non-native ABIs.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 15:37:12 +00:00
Bruce A. Mah
85320d12be New release note: SA-02:34. 2002-08-01 15:27:51 +00:00
Robert Watson
339b79b939 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke an appropriate MAC entry point to authorize execution of
a file by a process.  The check is placed slightly differently
than it appears in the trustedbsd_mac tree so that it prevents
a little more information leakage about the target of the execve()
operation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 14:31:58 +00:00
Bosko Milekic
abc1263a51 Move the MAC label init/destroy stuff to more appropriate places so that
the inits/destroys are done without the cache locks held even in the
persistent-lock calls.  I may be cheating a little by using the MAC
"already initialized" flag for now.
2002-08-01 14:24:41 +00:00
John Baldwin
12240b1159 Revert previous revision which accidentally snuck in with another commit.
It just removed a comment that doesn't make sense to me personally.
2002-08-01 13:44:33 +00:00
John Baldwin
0711ca46c5 Revert previous revision which was accidentally committed and has not been
tested yet.
2002-08-01 13:39:33 +00:00
John Baldwin
c0d9b7f250 Forced commit to note that the previous log was incorrect. The previous
commit added an assertion that a taskqueue being free'd wasn't being
drained at the same time.
2002-08-01 13:37:22 +00:00
John Baldwin
fbd140c786 If we fail to write to a vnode during a ktrace write, then we drop all
other references to that vnode as a trace vnode in other processes as well
as in any pending requests on the todo list.  Thus, it is possible for a
ktrace request structure to have a NULL ktr_vp when it is destroyed in
ktr_freerequest().  We shouldn't call vrele() on the vnode in that case.

Reported by:	bde
2002-08-01 13:35:38 +00:00
Jacques Vidrine
8f3e3652e4 The fix applied to the XDR decoder in revision 1.11 was incorrect. 2002-08-01 12:23:04 +00:00
Mark Murray
c13373b7d7 Fix an easy warning in a local addition. 2002-08-01 11:29:05 +00:00
Dag-Erling Smørgrav
1e6690e5db Implement the -l and -c options, which I'd forgotten. 2002-08-01 11:02:30 +00:00
Marc Fonvieille
70a4bb8f94 Fix links to the FAQ and the Handbook
Reviewed by:	re@
MFC after:	1 week
2002-08-01 10:20:59 +00:00
Mitsuru IWASAKI
6a7ef08763 Fix a bug about stack manipulation at ACPI wakeup.
This should avoid kernel panic on kernel compiled w/o
NO_CPU_COPTFLAGS.

Suggested by:	optimized code by -mcpu=pentiumpro
2002-08-01 09:48:01 +00:00
Warner Losh
3d976872ed Don't set the IFF_PROMISC bit when in hostap mode like the previous
commit bogusly did.  Instead, don't set PROMSIC in the hardware if
we're in hostap mode.  This matches more closely what openbsd did as
well.
2002-08-01 07:37:52 +00:00
Mike Barcroft
29284d7138 Implement the POSIX.1-2001 (XSI) header, <cpio.h>. 2002-08-01 07:18:38 +00:00
Robert Watson
d00e44fb4a Document the undocumented assumption that at least one of the PCB
pointer and incoming mbuf pointer will be non-NULL in tcp_respond().
This is relied on by the MAC code for correctness, as well as
existing code.

Obtained from:	TrustedBSD PRoject
Sponsored by:	DARPA, NAI Labs
2002-08-01 03:54:43 +00:00
Robert Watson
0070e096d7 Introduce support for Mandatory Access Control and extensible
kernel access control.

Add support for labeling most out-going ICMP messages using an
appropriate MAC entry point.  Currently, we do not explicitly
label packet reflect (timestamp, echo request) ICMP events,
implicitly using the originating packet label since the mbuf is
reused.  This will be made explicit at some point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 03:53:04 +00:00
Robert Watson
b3e13e1c3f Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument chdir() and chroot()-related system calls to invoke
appropriate MAC entry points to authorize the two operations.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 03:50:08 +00:00
Robert Watson
b827919594 Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement two IOCTLs at the socket level to retrieve the primary
and peer labels from a socket.  Note that this user process interface
will be changing to improve multi-policy support.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 03:45:40 +00:00
Peter Wemm
8fe52021c2 Remove duplicate 'modules-tags' rule 2002-08-01 03:13:10 +00:00
Robert Watson
c1ff2d9baf Introduce support for Mandatory Access Control and extensible
kernel access control.

Modify procfs so that (when mounted multilabel) it exports process MAC
labels as the vnode labels of procfs vnodes associated with processes.

Approved by:	des
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 02:03:21 +00:00
Scott Long
0d74300cae Allow the ahc and ahd drivers to be built as modules. This also
breaks the ahc driver into a core back-end and pci and eisa
front-ends.
2002-08-01 01:36:39 +00:00
Robert Watson
dee93f2c52 Introduce support for Mandatory Access Control and extensible
kernel access control.

Modify pseudofs so that it can support synthetic file systems with
the multilabel flag set.  In particular, implement vop_refreshlabel()
as pn_refreshlabel().  Implement pfs_refreshlabel() to invoke this,
and have it fall back to the mount label if the file system does
not implement pn_refreshlabel() for the node.  Otherwise, permit
the file system to determine how the service is provided.

Approved by:	des
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:33:12 +00:00
Robert Watson
b285e7f9a8 Improve formatting and variable use consistency in extattr system
calls.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:29:03 +00:00
Robert Watson
956fc3f8a5 Simplify the logic to enter VFS_EXTATTRCTL().
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:26:07 +00:00
Robert Watson
d03db4290d Introduce support for Mandatory Access Control and extensible
kernel access control.

Authorize vop_readlink() and vop_lookup() activities during recursive
path lookup via namei() via calls to appropriate MAC entry points.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:21:40 +00:00
Robert Watson
6ea48a903c Introduce support for Mandatory Access Control and extensible
kernel access control.

Authorize the creation of UNIX domain sockets in the file system
namespace via an appropriate invocation a MAC framework entry
point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:18:42 +00:00
Robert Watson
b65f6f6b69 When invoking NDINIT() in preparation for CREATE, set SAVENAME since
we'll use nd.ni_cnp later.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:16:22 +00:00
Robert Watson
62b24bcc26 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument ctty driver invocations of various vnode operations on the
terminal controlling tty to perform appropriate MAC framework
authorization checks.

Note: VOP_IOCTL() on the ctty appears to be authorized using NOCRED in
the existing code rather than td->td_ucred.  Why?

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:09:54 +00:00
Robert Watson
467a273ca0 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the ktrace write operation so that it invokes the MAC
framework's vnode write authorization check.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:07:03 +00:00